stockans.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-18 · ok HTTP/1.1 200 993 ms crawled 2026-05-08

GB · 157.96.37.78 · AS31727 Node4 Limited

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Handcrafted Scottish Oatcakes from Orkney | Stockan’s Oatcakes
Description: Discover handcrafted Scottish oatcakes from the Orkney Islands - perfect for cheese boards, canapés and everyday snacking.
Language: en-gb
Canonical: https://www.stockans.com/

Open Graph

url: https://www.stockans.com/
title: Handcrafted Scottish Oatcakes from Orkney | Stockan’s Oatcakes
site name: Stockan's Oatcakes
description: Discover handcrafted Scottish oatcakes from the Orkney Islands - perfect for cheese boards, canapés and everyday snacking.
updated time: 2026-01-16T10:48:15+00:00

Technology

Server: Apache
CMS: Joomla

Fonts

Google Fonts

Third-party hosts loaded (4)

fonts.googleapis.com×1
fonts.gstatic.com×1
sdks.shopifycdn.com×1
www.facebook.com×1

Social

Contact

Email

info@stockans.com

Phone

+441856850873

Address

The Granary, 25 North End Rd, KW16 3AG, Stromness, Orkney

Registration

Registrar

eNom, LLC

Created

2009-03-19

Expires

2028-03-19 670 days left

Updated

2026-02-17

Name servers

ns1.serverworld.uk
ns2.serverworld.uk
ns3.serverworld.uk
ns4.serverworld.uk

DNS records live

NS

ns1.serverworld.uk
ns2.serverworld.uk
ns3.serverworld.uk
ns4.serverworld.uk

MX

10 stockans-com.mail.protection.outlook.com

Email authentication partial

SPF: v=spf1 include:spf.protection.outlook.com include:shops.shopify.com -all
strict (-all)
DMARC: v=DMARC1; p=none;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-05-05 to 2026-08-03

Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.stockans.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com sdks.shopifycdn.com ajax.googleapis.com connect.facebook.net www.facebook.com *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: https:; connect-src 'self' https: ws:; font-src 'self' data: https:; object-src 'self'; media-src 'self' data: www.youtube.com vimeo.com; manifest-src 'self'; frame-src 'self' *.google.com nb.matomo.cloud www.youtube-nocookie.com www.youtube.com player.vimeo.com challenges.cloudflare.com; form-action 'self'; base-uri 'self'; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://nbcom.report-uri.com/r/d/csp/enforce
strict-transport-security: max-age=31536000;
cross-origin-opener-policy: same-origin

Links to (6)

Linked from (2)

planitscotland.com×2
orkney2025.com×2